A share generating device obtains N seeds s.sub.0, . . . , s.sub.N−1, obtains a function value y=g(x, e)∈F.sup.m of plaintext x∈F.sup.m and a function value e, and obtains information containing a member y.sub.i and N−1 seeds s.sub.d, where d∈{0, . . . , N−1} and d≠i, as a share SS.sub.i of the plaintext x in secret sharing and outputs the share SS.sub.i. It is to be noted that the function value y is expressed by members y.sub.0∈F.sup.m(0), . . . , y.sub.N−1∈F.sup.m(N−1), which satisfy m=m(0)+ . . . +m(N−1).

Some embodiments are directed to a dealer device for batch-wise provisioning of preprocessing information for a multiparty computation and an evaluator device for batch-wise distributed verification with one or more other evaluator devices of the preprocessing information. The preprocessing information comprises multiple random values and multiple message authentication codes for blinding and integrity checking respectively in the multi-party computation. The multiple random values and a set of proof values together define a checking polynomial. The dealer device computes proof values wherein the checking polynomial is identical to zero. The evaluator device obtains secret-shares of the random values, proof values, and message authentication codes. The evaluator device checks by a distributed computation with the one or more other evaluator devices that an evaluation of the checking polynomial in a random evaluation point is zero, thus verifying that multiple polynomial checking equations are satisfied on the multiple random values.

The present disclosure involves systems, software, and computer implemented methods for a efficient distributed secret shuffle protocol for encrypted database entries using dependent shufflers. Each of multiple clients provides an encrypted client-specific secret input value. A subset of clients are shuffling clients who participate with a service provider in a secret shuffling of the encrypted client-specific secret input values. The protocol includes generation and exchange of random numbers, random permutations and different blinding values. A last protocol step includes using homomorphism, for each client, to perform computations on intermediate encrypted data to homomorphically remove a first blinding value and a second blinding value, to generate a client-specific rerandomized encrypted secret input value. As a result, the client-specific rerandomized encrypted secret input values are generated in an order that is unmapped to an order of receipt, at the service provider, of the encrypted secret input values.

The present disclosure involves systems, software, and computer implemented methods for a communication-efficient secret shuffle protocol for encrypted data based on homomorphic encryption and oblivious transfer. A service provider and multiple clients participate in a secret shuffle protocol of randomly shuffling encrypted client-specific secret input values. The protocol includes generation and exchange of random numbers, random permutations and different blinding values, including use of an oblivious transfer mechanism. A last protocol step includes using homomorphism, for each client, to perform computations on intermediate encrypted data to homomorphically remove a first blinding value and a second blinding value, to generate a client-specific rerandomized encrypted secret input value. As a result, the client-specific rerandomized encrypted secret input values are generated in an order that is unmapped to an order of receipt, at the service provider, of the encrypted secret input values.

According to an aspect, there is provided a first node for use in a system, wherein the first node is configured to determine a plurality of keys for enabling a computation by a plurality of worker nodes in the system, wherein the computation comprises a plurality of computation parts, wherein the plurality of computation parts comprises one or more types of computation part, and wherein an output from one computation part to another computation part is a shared block; and publish the determined plurality of keys for access by at least one input node in the system, the plurality of worker nodes, and at least one recipient node in the system; wherein the plurality of keys comprises a computation part prove key for each part of the computation; a computation part verification key for each part of the computation; a shared block commitment generation key for each shared block; an input commitment generation key for each input node and computation part combination; and an output commitment generation key for each recipient node and computation part combination. A corresponding method of operating a first node is also provided.

A method includes receiving, on a computer-implemented system and from user, an identification of data and an identification of an algorithm and, based on a user interaction with the computer-implemented system comprising a one-click interaction or a two-click interaction. Without further user input, the method includes dividing the data into a data first subset and a data second subset, dividing the algorithm (or a Boolean logic gate representation of the algorithm) into an algorithm first subset and an algorithm second subset, running, on the computer-implemented system at a first location, the data first subset with the algorithm first subset to yield a first partial result, running, on the computer-implemented system at a second location separate from the first location, the data second subset with the algorithm second subset to yield a second partial result and outputting a combined result based on the first partial result and the second partial result.

A computer implemented system for anonymous electronic verification of location credentials including at least one processor and data storage is described in various embodiments. The system includes cryptographic mechanisms and electronic communication between one or more computing systems that in concert, provide verification of a prover's location credentials in accordance to logical conditions of a verifier's policy without providing additional information to a verifier entity.

The present disclosure involves systems, software, and computer implemented methods for a verifiable communication-efficient secret shuffle protocol for encrypted data based on homomorphic encryption. A service provider and multiple clients participate in a secret shuffle protocol of randomly shuffling encrypted client-specific secret input values. The protocol includes generation and exchange of random numbers, random permutations, different blinding values, and use of random secret-shares. A protocol step includes homomorphic operations to shuffle encrypted secret input values so that resulting encrypted secret input values are rerandomized and in a shuffled sequence that is unmapped to an order of receipt by the service provider of the encrypted secret input values.

Provided herein are system, methods and computer program products for identifying duplicate records stored in a database system, comprising: generating a plurality of encrypted match indexes for each of a plurality of records stored in the database system, each of the plurality of encrypted match indexes encrypts a value of each encryption enabled field of a respective one of the plurality of records defined by at least one match rule, creating a cluster of records comprising at least one set containing at least two records of the plurality of records, the at least two records having respective encrypted match indexes corresponding to the at least one match rule, causing identification of duplicate records in the at least one set according to detection of records of the at least one set having respective match indexes matching the at least one match rule, and outputting an indication of the identified duplicate records.

Provided is a pre-calculation device capable of keeping a secret against malicious behaviors of participants while keeping a processing load small. A Beaver triple generation processor generates a secret-shared Beaver triple formed of two secret-shared random numbers and a secret-shared value of a product of the two random numbers. A Beaver triple random inspection processor randomly selects a secret-shared Beaver triple, restores the Beaver triple through communication to and from other pre-calculation devices, and confirms that a product of first two elements is equal to a third element. The Beaver triple position stirring processor randomly replaces Beaver triples that have not been restored, to generate replaced secret-shared Beaver triples.